The Weakest Link: Where Blockchains Are Vulnerable

Blockchains are designed to be secure systems. But with cyberthreats on the increase, even the strongest blockchain may have some weak links.

Precisely because blockchain is designed to be secure, technology teams new to it tend to overlook its potential vulnerabilities.

Security issues on blockchain are the points at which the chain interacts with pre-existing software, ongoing business operations and individuals in charge of blockchain keys and permissions, Regine Bonneau, chief executive officer of RB Advisory, tells ThirtyK. “It’s the ‘endpoint vulnerability’ that’s the problem,” says Bonneau, whose firm is based in Winter Park, Fla. “Blockchain is being rapidly accepted because it is more secure, but when it is extended to legacy systems you have exposure” to threats.

Bonneau, who specializes in data security for medium-sized companies, is getting more queries from investors in blockchain-centric companies and those companies’ customers. They want to know about security protocols and how security is designed into a blockchain startup’s systems from the ground up. Complacency and a rush to market are the primary reasons why these blockchain companies haven’t designed a secure system, says Bonneau.

Staying Ahead of Hackers

There are ways to stay ahead of the bad guys.

One large digital security company, Carbon Black, says its algorithm acts as a quick-response “safety belt” that can snap to the defense when an attack appears imminent.

The company’s “predictive security cloud” identifies the patterns that precede attacks and monitors customers’ systems for those patterns, Rick McElroy, a security strategist with the Waltham, Mass.–based Carbon Black, tells ThirtyK. The tool can be developed for a variety of applications but is particularly relevant for blockchain because it can zoom in on the most vulnerable security points.

“Blockchain isn’t solving the endpoint security challenge,” he says. “Malware still gets at the endpoint.”

Attackers’ behavior can be anticipated, especially if ever-evolving algorithms reflect ever-evolving patterns of attack, says McElroy. “You can generate predictive algorithms … that you are ‘x’ likely to have an attack on an endpoint,” he says. “We operate on the premise that if you can record the right data, you can find the bad guys.”

McElroy explains that blockchain development companies and teams are increasingly aware that defensive security is essential because the reputations of their applications are entwined with the crystallizing reputation of blockchain itself.

Still, even the best forecasting tools can’t catch every breach, says Bonneau, though “catching up a minute later is far better than catching up days later.”

Weighing Risks Against Security Costs

Time-pressured startups that don’t have lots of capital sometimes balk at the resources required to lock down system weak spots, Bonneau says. Often they spend the minimum, hoping they will bolster their security as they grow. In the process they often overlook weak spots that become more critical as more customers come on board, she adds.

Bonneau says medium-sized companies and startups tend to listen to their accountants and lawyers – the traditional bearers of risk-analysis messages – about the broad ramifications of under-investing in endpoint security more than they do to security consultants. Accountants and lawyers often provide the wider context that leaders of start-up and fast-growing companies need to understand the ramifications of underestimating security weak points.

“The return on investment is bigger than the cost, but the cost still has to align with your current needs,” she says. “But everything is secure, until it isn’t.”

Joanne Cleaver is a Chicago-based freelance business and lifestyles journalist. Her work has appeared in a number of national and regional publications. Earlier in her career, she was the deputy business editor at the Milwaukee Journal Sentinel.